Apache OpenWhisk CVE-2018-11756 Remote Code Execution Vulnerability
BID:104915
| Bugtraq ID: | 104915 |
| Class: | Input Validation Error |
| CVE: | CVE-2018-11756 |
| Remote: | Yes |
| Local: | No |
| Published: | Jul 23 2018 12:00AM |
| Updated: | Jul 23 2018 12:00AM |
| Credit: | Yuri Shapira and Ory Segal of PureSec. |
| Vulnerable: | Apache OpenWhisk 1.0 |
| Not Vulnerable: | Apache OpenWhisk 1.0.2, Apache OpenWhisk 1.0.1 |
Discussion
Apache OpenWhisk is prone to a remote code-execution vulnerability.
An attacker may exploit this issue to inject and execute arbitrary code within the context of the affected application; this may aid in further attacks.
Exploit / POC
The researcher has created a functional exploit to demonstrate the issue. Please see the references for more information.
Solution / Fix
Solution:
Updates are available. Please see the references or vendor advisory for more information.
References
References:
- Apache Homepage (Apache)
- [CVE] CVE-2018-11756 PHP Runtime for Apache OpenWhisk (Apache)
- PureSec Security Advisory (puresec.io)